On Thu, Nov 29, 2018 at 02:52:32PM +0100, Michal Privoznik wrote:
Our code is not bug free. The refcounting I introduced will
almost certainly not work in some use cases. Provide a script
that will remove all the XATTRs set by libvirt so that it can
start cleanly.

On this point, it would be a nice idea to be able to write some
unit tests to exercise the security drivers, as this is something
we're significantly lacking coverage of.

With mocking of the chown/setxattr/etc methods we can easily
detect some of the bugs you fixed here, such as forgetting to
restore labels of certain resource types.

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tools/Makefile.am | 1 +
tools/libvirt_recover_xattrs.sh | 89 +++++++++++++++++++++++++++++++++
2 files changed, 90 insertions(+)
create mode 100755 tools/libvirt_recover_xattrs.sh
diff --git a/tools/Makefile.am b/tools/Makefile.am
index f069167acc..1dc009c4fb 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -75,6 +75,7 @@ EXTRA_DIST = \
virt-login-shell.conf \
virsh-edit.c \
bash-completion/vsh \
+ libvirt_recover_xattrs.sh \
$(PODFILES) \
$(MANINFILES) \
$(NULL)
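
Review bot: libvirt_recover_xattrs.sh is only added to EXTRA_DIST in tools/Makefile.am, so it ships in the release tarball but is not installed anywhere. The commit message intends it for people who have to clean up after a refcounting bug, so consider installing it as well, or documenting that it has to be run from the source tree.
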
+XATTRS=("trusted.libvirt.security.dac"
+ "trusted.libvirt.security.ref_dac"
+ "trusted.libvirt.security.selinux"
+ "trusted.libvirt.security.ref_selinux")
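
Review bot: the XATTRS array hard-codes the four attribute names, so the list has to be kept in step by hand with the names the security drivers actually set. A comment above the array saying where those names are defined would make that dependency visible. The XATTRS=( ... ) array syntax is also bash-only, so the .sh script needs a bash shebang rather than /bin/sh.
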
Needs updating to account for FreeBSD naming now

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
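
The kind of test suggested in the reply above, as an added example that is not part of the original mail and is not libvirt code: a mocked chown() records owners in a table, and the check after teardown counts the files whose owner was not put back. All names, paths and uids here (mock_chown, run_cycle, the /fake paths, uid 107) are hypothetical and constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical mock, not libvirt code. Each entry stands in for one file the
 * driver labels; orig_uid is the owner remembered before the first change. */
enum kind { DISK, NVRAM, CHARDEV };
struct res { const char *path; enum kind kind; unsigned orig_uid, cur_uid; };

/* Replacement for chown(): no syscall, only the table is updated. */
static int mock_chown(struct res *tab, int n, const char *path, unsigned uid) {
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].path, path) == 0) { tab[i].cur_uid = uid; return 0; }
    return -1; /* the driver touched a path the test did not expect */
}

/* Toy driver under test: hand every resource to the guest uid. */
static int set_all(struct res *tab, int n, unsigned guest_uid) {
    for (int i = 0; i < n; i++)
        if (mock_chown(tab, n, tab[i].path, guest_uid) < 0) return -1;
    return 0;
}

/* Toy restore; skip_kind >= 0 models a forgotten resource type. */
static int restore_all(struct res *tab, int n, int skip_kind) {
    for (int i = 0; i < n; i++)
        if ((int)tab[i].kind != skip_kind &&
            mock_chown(tab, n, tab[i].path, tab[i].orig_uid) < 0) return -1;
    return 0;
}

/* One start/stop cycle over constructed paths. Returns how many owners were
 * not put back and reports the first offending path through *first. */
static int run_cycle(int skip_kind, const char **first) {
    struct res tab[] = { { "/fake/disk.qcow2", DISK, 0, 0 },
                         { "/fake/nvram.fd", NVRAM, 0, 0 },
                         { "/fake/serial0.sock", CHARDEV, 1000, 1000 } };
    int n = sizeof(tab) / sizeof(tab[0]), leaked = 0;
    *first = NULL;
    if (set_all(tab, n, 107) < 0 || restore_all(tab, n, skip_kind) < 0) return -1;
    for (int i = 0; i < n; i++)
        if (tab[i].cur_uid != tab[i].orig_uid && leaked++ == 0) *first = tab[i].path;
    return leaked;
}

int main(void) {
    const char *p;
    int ok = run_cycle(-1, &p), bad = run_cycle(NVRAM, &p);
    printf("complete restore: %d leaked\nNVRAM forgotten: %d leaked (%s)\n", ok, bad, p);
    return 0;
}
```

The same table can be extended with a recorded label or XATTR value per path, so that one teardown check covers every attribute the driver sets.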